Pairing-free threshold signatures and their lattice-based analogs
Chenzhi Zhu
Abstract:
Threshold signature schemes allow the signing key to be distributed among a group of signers, with a signature being issued if and only if a threshold number of signers are involved. These schemes have gained significant attention recently, particularly for their use in cryptocurrency wallets to mitigate single points of failure, as well as for ongoing standardization efforts by NIST.
This talk will focus on my recent works on threshold signatures based on pairing-free groups and lattices. I will begin with an overview of the state-of-the-art pairing-free construction, FROST, which produces Schnorr signatures and supports partial non-interactive signing (requiring only a single message-dependent round). The security of FROST relies on the random oracle model as well as a strong non-interactive assumption, the algebraic one-more discrete logarithm (AOMDL) assumption. I will then describe our technique that tweaks FROST to rely solely on the plain discrete logarithm (DL) assumption and the ROM. Finally, I will discuss how this idea leads to the development of the first practical 2-round lattice-based constructions under standard lattice assumptions (SIS and LWE) and the ROM.
Bio:
Chenzhi Zhu is a postdoctoral fellow at the CIS Lab at NTT Research, hosted by Elette Boyle. He received his Ph.D. in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, advised by Stefano Tessaro. He earned his bachelor’s degree in computer science from the Yao Class at Tsinghua University. His research focuses on the design of practically efficient cryptographic protocols that have real-world impacts. In particular, his work on blind signatures and threshold signatures has been published in top conferences and has contributed to standardization efforts in these areas.